ATA Security feature Set Clarifications

Transcription

1 ATA Security feature Set Clarifications To: T13 Technical Committee From: Jim Hatfield Seagate Technology (with Jeff Wolford: Hewlett-Packard) 389 Disc Drive Longmont, CO Phone: Fax: Date: May 24, 2006 Revision History: 0: Initial revision 1: Incorporate feedback from Dec plenary. Split the Enhancements to a separate proposal. 2: Incorporate feedback from March 14, 2006 ad hoc meeting. 3: Incorporate feedback from March 28, 2006 ad hoc meeting. 4: Incorporate feedback from Plenary #58 (April 2006), and ad hoc meetings (May 17, 2006 and May 24, 2006) Introduction The purpose of this proposal is to clarify a number of vague and unspecified issues regarding the ATA Security feature set. This is the source of unpredictable behavior between vendors and models currently in the market. Locking down the specification of ATA Security is critical to ensuring reliable interoperability. Proposal I propose that the following be incorporated into ATA/ATAPI-8 ACS as a full replacement for the referenced sections. Page 1 of 33 May 24, 2006

2 These terms are to be added to the Glossary Security Is Not Supported Security Is Disabled Security Is Enabled Security Is Locked Security Is Unlocked Security Is Frozen Security Is Not Frozen Master Password Capability The Security feature set is not supported. The SECURITY commands (see 1.1.5) are not supported and shall be command aborted. IDENTIFY DEVICE reports that the Security feature set is not supported. The Security feature set is supported, but that there is no valid User password. There is a Master password. Access to user data is not restricted by the Security feature set. The terms Security Is Locked and Security Is Unlocked are not applicable. (e.g. Security states SEC0, SEC1, SEC2). The Security feature set is supported, and a valid User password has been set. (e.g. Security states SEC3, SEC4, SEC5, SEC6). Security is enabled. In addition, access to the device is restricted. (e.g. Security state SEC4). Security is enabled. A SECURITY UNLOCK command was successful, allowing access to the device. (e.g. Security state SEC5, SEC6). Security may be either enabled or disabled. Changes to Security states are not allowed until after the next power-on or hardware reset. (e.g. Security states SEC2, SEC6). Security may be either enabled or disabled. Changes to Security states are allowed (e.g. Security states SEC1, SEC4, SEC5). The Master Password Capability indicates whether or not the Master password may be used to unlock the device. This was formerly know as Security Level. Security Level See Master Password Capability. Password Attempt Counter Exceeded There were too many attempts to unlock the device with an incorrect password. Further unlock attempts are denied until a power-on or hardware reset. Page 2 of 33 May 24, 2006

3 1.1 Security feature set Overview The optional Security feature set is a password system that restricts access to user data stored on a device. In addition, access to some configuration capabilities is restricted. See also the Master Password Identifier feature (1.2) which is an optional enhancement to the Security feature set Passwords The system has two types of passwords: User and Master User Password The User password is used to create a lock to block execution of some commands, including preventing access to all user data on the device. The User password may be used to unlock the device to allow access. Security is enabled by setting a User password with the SECURITY SET PASSWORD command. When the security is Enabled, the device is automatically Locked (i.e., access to user data on the device is denied) after a power-on reset is processed until a SECURITY UNLOCK command completes successfully Master Password The Master password is a password that may be used to unlock the device if the User password is lost or if an administrator requires access (e.g. to repurpose a device). A factory-installed Master password may be valid before an initial SECURITY SET (master) PASSWORD command has been successfully executed. A device may contain both a valid Master and a valid User password. Setting the Master password does not enable Security (i.e., does not Lock the device after the next power-on reset has been processed) Master Password Capability A device with Security enabled has two ways of using the Master password. This capability has values of High or Maximum. When the Master Password Capability is set to High, either the User or Master password may be used interchangably. See Table 1. When the Master Password Capability is set to Maximum, the Master password cannot be used with the SECURITY DISABLE PASSWORD and SECURITY UNLOCK commands. The SECURITY ERASE UNIT command, however, does accept the either the User or Master password. Page 3 of 33 May 24, 2006

5 1.1.6 IDENTIFY DEVICE data Support of the Security feature set is indicated in IDENTIFY DEVICE and IDENTIFY PACKET DEVICE data word 82 and data word 128. Security information in words 82, 89 and 90 is fixed until the next power-on reset and shall not change unless DEVICE CONFIGURATION OVERLAY removes support for the Security feature set. Security information in words 85, 92 and 128 are variable and may change. If the Security feature set is not supported, then words 89, 90, 92 and 128 are N/A Security initial setting When the device is shipped by the manufacturer, Security shall be disabled (e.g. is not Locked). The initial Master password value is not defined by this standard Password Rules This section applies to any Security command that accepts a password, and for which there exists a valid password This section does not apply while Security is Frozen. If Security is disabled and there is a valid Master password, then the Master password may be used. The SECURITY ERASE UNIT command ignores the Master Password Capability value when comparing passwords, and shall accept either a valid Master or User password. If the User password sent to the device does not match the user password previously set with the SECURITY SET PASSWORD command, the device shall return command aborted. If the Master Password Capability was set to High during the last SECURITY SET (user) PASSWORD command, the device shall accept the Master password and complete normally. If the Master Password Capability was set to Maximum during the last SECURITY SET (user) PASSWORD command, the device shall return command aborted for SECURITY UNLOCK or SECURITY DISABLE PASSWORD if the Master password is supplied.. Page 5 of 33 May 24, 2006

6 1.1.9 Password Attempt Counter The device shall have an password attempt counter. The purpose of this counter is to defeat repeated trial attacks. The counter shall only be decremented while in state SEC4, whenever the SECURITY UNLOCK command fails because of an invalid User or Master password. SECURITY ERASE UNIT and SECURITY DISABLE PASSWORD commands may decrement the counter for failed password comparisons [editors note: from which states?]. Once the counter reaches zero, it shall not be decremented, and the PasswordAttemptCounterExceeded bit (IDENTIFY DEVICE data word 128, bit 4) shall be set to one, and the SECURITY UNLOCK and SECURITY ERASE UNIT commands shall be command aborted until after the next power-on or hardware reset. The PasswordAttemptCounterExceeded bit shall be cleared to zero [editors note (only)?] by either a power-on or hardware reset. [editors note: should hardware reset not clear the counter?] None of the commands in the Security feature set shall clear this bit. The counter shallbe set to five (5) [editors note (only)?] after a power-on or hardware reset. [editors note: should hardware reset not initialize the counter?] None of the commands in the Security feature set shall re-initialize this counter Security states See Figure 1 and Table 2. When the power is off, the Security characteristics are as in Table 2, but are not reportable. Security State Table 2 - Summary of Security States and Characteristics Enabled (ID word 85, bit 1) Security Characteristics Locked (ID word 128, bit 2) Frozen (ID word 128, bit 3) Password Attempts Exceeded (ID word 128, bit 4) Power SEC0 off 0 N/A N/A N/A SEC1 on SEC2 on varies SEC3 off 1 N/A N/A N/A SEC4 on varies SEC5 on varies SEC6 on varies Page 6 of 33 May 24, 2006

14 Details about each state and transition [editors note: resume here ] State SEC0: Powered down/security Disabled/Not Locked/ Not Frozen: This state shall be entered when the device is powered-down with the Security feature set disabled. Transition SEC0:SEC1: When the device is powered-up, the device shall make a transition to the SEC1: Security disabled/not Frozen state. State SEC1: Security Disabled/Not Locked/ Not Frozen: This state shall be entered when the device is powered-up or a hardware reset is received with the Security feature set disabled or when the Security feature set is disabled by a SECURITY DISABLE PASSWORD or SECURITY ERASE UNIT command. In this state, the device shall respond to all commands except those indicated as Command Aborted in Disabled column of Table 4. When entering this state from power-on or hardware reset, the device shall set the password attempt counter to five. While in this state, IDENTIFY DEVICE and IDENTIFY PACKET DEVICE shall report values as described in Table 5. Table 5 - IDENTIFY values reported in Security state SEC1 Word Bit position Value Description Security feature set is supported There is no active User password copy of Security feature set is supported word 82, bit copy of Security feature set is disabled word 85, bit device is not locked device is not frozen varies PasswordAttemptCounterExceeded flag. On power-on or hardware reset, clear to zero; otherwise, do not modify this value Master Password Capability is not maximum Transition SEC1:SEC0: When the device is powered-down, the device shall make a transition to the SEC0 state. Transition SEC1:SEC1: Page 14 of 33 May 24, 2006

15 When a Hardware reset occurs the device shall remain in state SEC1. [Editors note: do we need this loopback? what about non-security commands? is this list of events inclusive or exclusive? ] [only needed if something special is done in the state so not needed] When a hardware reset occurs, the device shall clear the PasswordAttemptLimitExceeded flag and remain in state SEC1. [Editors note: if the loopback is kept, should it be labeled?] When a successful SECURITY SET (master) PASSWORD command is received, the Master password and the optional Master Password Identifier shall be saved, and the device shall remain in state SEC1. The Master Password Capability shall remain unchanged. In this state, the device shall respond to all commands except those indicated as Command Aborted in Disabled column in Table 4 [global]. With the exception of the SECURITY commands, execution of these commands does not cause a transition from state SEC1. Transition SEC1:SEC2: When a SECURITY FREEZE LOCK command is successful, the device shall make a transition to the SEC2 state. Transition SEC1:SEC5: When a SECURITY SET (user) PASSWORD command is successful, the device shall save the User password, update the Master Password Capability and make a transition to the SEC5 state. State SEC2: Security Disabled/ Not Locked/ Frozen: This state shall be entered when the device receives a SECURITY FREEZE LOCK command while in the SEC1 state. In this state, the device shall respond to all commands except those indicated as Command Aborted in Frozen column. Execution of these commands does not cause a transition from state SEC2. The device shall report the following IDENTIFY DEVICE or IDENTIFY PACKET DEVICE data when in this state: word 128, bit 3 shall be set to one (frozen) Transition SEC2:SEC0: When the device is powered-down, the device shall make a transition to the SEC0 state. Transition SEC2:SEC1: When the device receives a hardware reset, the device shall make a transition to the SEC1 state. Page 15 of 33 May 24, 2006

16 State SEC3: Powered down/security Enabled/ Locked/ Not Frozen: This state shall be entered when the device is powered-down with the Security feature set enabled. Transition SEC3:SEC4: When the device is powered-up, the device shall make a transition to the SEC4 state. State SEC4: Security Enabled/ Locked/ Not Frozen: This state shall be entered when the device is powered-up or a hardware reset is received with the Security feature set enabled. In this state, the device shall respond to all commands except those indicated as Command Aborted in Locked column. With the exception of the SECURITY commands, execution of these commands does not cause a transition from state SEC4. When entering this state from power-on or hardware reset, the device shall set the password attempt counter to five. The device shall report IDENTIFY DEVICE or IDENTIFY PACKET DEVICE field values in accordance with Table 6. Table 6 - IDENTIFY settings for Security state SEC4 Word Bit(s) Value Desription Security feature set is supported There is an active User password copy of word 82, Security feature set is supported bit copy of word 85, Security feature set is enabled. bit device is locked device is not frozen varies PasswordAttemptCounterExceeded flag. On power-on or hardware reset, clear to zero; otherwise, do not modify this value varies security level Transition SEC4:SEC1: When a SECURITY ERASE PREPARE command is successful and is followed by a successfully completing SECURITY ERASE UNIT command, the device shall make a transition to the SEC1 state. Transition SEC4:SEC3: When the device is powered-down, the device shall make a transition to the SEC3 state. Page 16 of 33 May 24, 2006

17 Transition SEC4:SEC4: When the device receives a hardware reset, the device shall remain in state SEC4. [Editors note: do we need this loopback? what about non-security commands? is this list of events inclusive or exclusive? ] When a SECURITY UNLOCK command is received with an incorrect password, the password attempt counter shall be decremented by 1, and remain in state SEC4. If password attempt counter reaches 0, the PasswordAttemptCounterExceeded bit (IDENTIFY DEVICE word 128, bit 4) shall be set to 1. Transition SEC4:SEC5: When a SECURITY UNLOCK command is successful, the device shall make a transition to the SEC5 state. State SEC5: Security Enabled/ Not Locked/ Not Frozen: This state shall be entered when either a SECURITY SET (user) PASSWORD command or a SECURITY UNLOCK command is successful. In this state, the device shall respond to all commands except those indicated as Command Aborted in Unlocked column. With the exception of the SECURITY commands, execution of these commands does not cause a transition from state SEC5. The device shall report the following IDENTIFY DEVICE or IDENTIFY PACKET DEVICE data when in this state: word 128, bit 1 shall be set to one (enabled) word 128, bit 2 shall be cleared to zero (not locked) word 128, bit 8 shall be set to one if the Master Password Capability is maximum shall be cleared to zero if the Master Password Capability is high Transition SEC5:SEC1: When a SECURITY DISABLE PASSWORD command is successful, the device shall make a transition to the SEC1 state. Transition SEC5:SEC3: When the device is powered-down, the device shall make a transition to the SEC3 state. Transition SEC5:SEC4: When the device receives a hardware reset, the device shall make a transition to the SEC4 state. Page 17 of 33 May 24, 2006

18 Transition SEC5:SEC5: [Editors note: do we need this loopback? what about nonsecurity commands? is this list of events inclusive or exclusive? ] When a successful SECURITY SET (master) PASSWORD command is received, the Master password and the optional Master Password Identifier shall be saved and the device shall remain in state SEC5. The Master Password Capability shall remain unchanged. When a SECURITY SET (user) PASSWORD command is successful, the device shall save the User password, update the Master Password Capability and make a transition to the SEC5: state. Transition SEC5:SEC6: When a SECURITY FREEZE LOCK command is successful, the device shall make a transition to the SEC6 state. State SEC6: Security Enabled/ Locked/ Frozen: This state shall be entered when the device receives a SECURITY FREEZE LOCK command while SEC5state. In this state, the device shall respond to all commands except those indicated as Command Aborted in Frozen column. Execution of these commands does not cause a transition from state SEC6. The device shall initialize the following IDENTIFY DEVICE or IDENTIFY PACKET DEVICE data when in this state: word 128, bit 3 shall be set to one (frozen) Transition SEC6:SEC4: When the device receives a hardware reset, the device shall make a transition to the SEC4 state. Transition SEC6:SEC3: When the device is powered-down, the device shall make a transition to the SEC3 state. Page 18 of 33 May 24, 2006

19 1.2 Master Password Identifier feature This is an optional enhancement to the Security feature set, which is a prerequisite Use Case (Informative) The intended purpose of this feature is to assist an administrator that uses several sets of Master passwords (for use in different deployments of devices). The administrator may maintain a mapping of actual Master passwords and a corresponding Identifier. When an administrator sets a Master password, the corresponding Master Password Identifier could be also set. When the time comes to redeploy a device for which a User password had been set (and subsequently lost), the administrator needs to know which Master password is actually valid for this individual device. Since the device never reveals the Master password but does reveal the Identifier, the administrator may obtain a hint as to which Master password was previously set Requirements The device shall maintain a 2-byte host vendor-specific data value associated with the Master Password. The Master Password Identifier does not indicate whether a Master Password exists or is valid. Support for this feature is reported in the IDENTIFY DEVICE or IDENTIFY PACKET DEVICE data in word 92. Valid identifiers are 0001h through FFFEh. A value of 0000h or FFFFh indicates that the this feature is not supported. If the device supports this feature, A. The device shall store a non-volatile identifier field with the stored Master password. The identifier is maintained for the benefit of the host. The value is not modified by the device. B. Prior to first use, the initial Master Password Identifier shall be set to FFFEh by the manufacturer. Page 19 of 33 May 24, 2006

20 1.3 DEVICE CONFIGURATION SET - B1h/C3h, PIO Data Out Word 7: Command/features set supported part 1 Word 7 bit 3 is cleared to zero to disable support for the Security feature set if Security is disabled, and has the effect of changing the IDENTIFY DEVICE or IDENTIFY PACKET DEVICE response: clear word 82 bit 1 to zero, clear word 85 bit 1 to zero, clear words 89, 90, 92 and 128 to zero. If Security is enabled, then the device shall return command aborted and make no changes. Word 7 bit 3 is set to one to allow reporting of support for the Security feature set and if the device does support the feature set has the effect of changing the IDENTIFY DEVICE or IDENTIFY PACKET DEVICE response: set word 82 bit 1 to one; clear word 85 bit 1 to zero; set word 128 bit 0 to one; set word 128 bit 5 to one if the enhanced security erase feature is supported; and setting words 89, 90 and 92 to a valid value. Page 20 of 33 May 24, 2006

21 1.4 IDENTIFY DEVICE - ECh, PIO Data-in Words (84:82): Features/command sets supported If bit 1 of word 82 is set to one, the Security feature set is supported Words (87:85): Features/command sets enabled If bit 1 of word 85 is set to one, then Security has been enabled by setting a User password via the SECURITY SET PASSWORD command. If bit 1 of word 85 is cleared to zero, there is no valid User password. If the Security feature set is not supported, this bit shall be cleared to zero Word 89: Time required for Security erase unit completion Word 89 specifies the estimated time required for the SECURITY ERASE UNIT command to complete its normal mode erasure. Support of this word is mandatory if the Security feature set is supported. If the Security feature set is not supported, this word shall be cleared to zero. Value Time 0 Value not specified (Value 2) minutes 255 >508 minutes Word 90: Time required for Enhanced security erase unit completion Word 90 specifies the estimated time required for the SECURITY ERASE UNIT command to complete its enhanced mode erasure. Support of this word is mandatory if support of the Security feature set is supported. If the Security feature set is not supported, this word shall be cleared to zero. Value Time 0 Value not specified (Value 2) minutes 255 >508 minutes Word 92: Master Password Identifier If either the Security feature set or the Master Password Identifier feature are not supported, word 92 shall contain the value 0000h or FFFFh Page 21 of 33 May 24, 2006

22 If the Security feature set and the Master Password Identifier feature are supported, word 92 contains the value of the Master Password Identifier set when the Master Password was last changed Word 128: Security status Support of this word is mandatory if the Security feature set is supported. If the Security feature set is not supported, this word shall be cleared to zero, Bit 8 of word 128 indicates the Master Password Capability. If security is enabled and the Master Password Capability is high, bit 8 shall be cleared to zero. If security is enabled and the Master Password Capability is maximum, bit 8 shall be set to one. When security is disabled, bit 8 shall be cleared to zero. Bit 5 of word 128 set to one indicates that the enhanced mode of the SECURITY ERASE UNIT command is supported. Bit 4 of word 128 set to one indicates that the password attempt counter has decremented to zero. This is also known as the PasswordAttemptCounterExceeded bit. Bit 3 of word 128 set to one indicates that security is frozen. Bit 2 of word 128 set to one indicates that security is locked. Bit 1 of word 128 set to one indicates that security is enabled. This is a copy of word 85, bit 1. Bit 0 of word 128 set to one indicates that the Security feature set is supported. This is a copy of word 82, bit 1. Page 22 of 33 May 24, 2006

23 1.5 IDENTIFY PACKET DEVICE - A1h, PIO Data-in Words (84:82): Features/command sets supported Words (84:82) shall have the content described for words (84:82) of the IDENTIFY DEVICE command except that bit 4 of word 82 shall be set to one to indicate that the PACKET Command feature set is supported Words (87:85): Features/command sets enabled Words (87:85) shall have the content described for words (87:85) of the IDENTIFY DEVICE command except that bit 4 of word 85 shall be set to one to indicate that the PACKET Command feature set is supported Word 89: Time required for Security erase unit completion Word 89 shall have the content described for word 89 of the IDENTIFY DEVICE command Word 90: Time required for Enhanced security erase unit completion Word 90 shall have the content described for word 90 of the IDENTIFY DEVICE command Word (92:91): Reserved Word 92 shall have the content described for word 92 of the IDENTIFY DEVICE command. [Editors note: Add Words 89, 90, 92 to ID Packet Device table] Word 128: Security status Word 128 shall have the content described for word 128 of the IDENTIFY DEVICE command. Support of this word is mandatory if the Security feature set is supported. Page 23 of 33 May 24, 2006

24 1.6 SECURITY DISABLE PASSWORD - F6h, PIO data-out Feature Set This command is mandatory for devices that implement the Security feature set Description The SECURITY DISABLE PASSWORD command transfers 512 bytes of data from the host. Table 7 defines the content of this information. If the password selected by word 0 matches the password previously saved by the device, the device shall disable the User password, and return the drive to the SEC1 state. This command shall not change the Master password. This command shall return command aborted if the Security feature set is not supported, if Security is Locked (SEC4) or is Frozen (states SEC2 or SEC6). When Security is Disabled: : [Editors note: is this an enhancement or clarification?] a. If the Identifier bit is set to Master, then the password supplied shall be compared with the stored Master password. [Editors note: should this case be ignore the password and succeed? or check the password always?][ erase unit?] b. If the Identifier bit is set to User, then the device shall return command aborted. When Security is Enabled, and the Master Password Capability is High : a. If the Identifier bit is set to Master, then the password supplied shall be compared with the stored Master password. b. If the Identifier bit is set to User, then the password supplied shall be compared with the stored User password. When Security is Enabled, and the Master Password Capability is Maximum a. If the Identifier bit is set to Master, then the device shall return command aborted, even if the supplied Master password is valid. b. If the Identifier bit is set to User, then the password supplied shall be compared with the stored User password. Upon successful completion, these fields of IDENTIFY DEVICE or IDENTIFY PACKET DEVICE shall be updated: word 85, bit 1 shall be cleared to zero (no active User password) word 128, bit 1 is a copy of word 85, bit 1 word 128, bit 8 shall be cleared to zero (Master Password Capability is not Maximum) Page 24 of 33 May 24, 2006

27 1.8 SECURITY ERASE UNIT - F4h, PIO data-out Feature Set This command is mandatory for devices that implement the Security feature set Description This command transfers 512 bytes of data from the host. Table 8 defines the content of this information. If the password does not match the password previously saved by the device, the device shall return command aborted. The SECURITY ERASE PREPARE command shall be completed immediately prior to the SECURITY ERASE UNIT command. If the device receives a SECURITY ERASE UNIT command and the previous command was not a successful SECURITY ERASE PREPARE command, the device shall return command aborted for the SECURITY ERASE UNIT command. If the password attempt counter has already decremented to zero, then the device shall return command aborted even if a correct password has been supplied. [editors note: resume here ] When Security is Disabled: [Editors note: is this an enhancement or clarification?][ the interpretation that closes the hole should prevail?] a. If the Identifier bit is set to Master, then the password supplied shall be compared with the stored Master password. b. If the Identifier bit is set to User, then the device shall return command aborted. When Security is Enabled, and the Master Password Capability is High : a. If the Identifier bit is set to Master, then the password supplied shall be compared with the stored Master password. b. If the Identifier bit is set to User, then the password supplied shall be compared with the stored User password. When Security is Enabled, and the Master Password Capability is Maximum : a. If the Identifier bit is set to Master, then the password supplied shall be compared with the stored Master password. c. If the Identifier bit is set to User, then the password supplied shall be compared with the stored User password. When Normal Erase mode is specified, the SECURITY ERASE UNIT command shall write binary zeroes to all user data areas (as determined by READ NATIVE MAX or READ NATIVE MAX EXT). IDENTIFY DEVICE or IDENTIFY PACKET DEVICE word 89 gives an estimate of the time required to complete the erasure. The Enhanced Erase mode is optional. IDENTIFY DEVICE or IDENTIFY PACKET DEVICE word 128, bit 5 indicates whether it is supported. When Enhanced Erase mode is specified, the device shall write predetermined data patterns to all user data areas. In Page 27 of 33 May 24, 2006

28 Enhanced Erase mode, all previously written user data shall be overwritten, including sectors that are no longer in use due to reallocation. IDENTIFY DEVICE or IDENTIFY PACKET DEVICE word 90 gives an estimate of the time required to complete the erasure. On successful completion, this command shall disable Security (e.g. returns the device to Security state SEC1), and invalidate any existing User password.. Any previously valid Master password remains valid and active. Upon successful completion, these fields of IDENTIFY DEVICE or IDENTIFY PACKET DEVICE shall be updated: word 85, bit 1 shall be cleared to zero (no active user password) word 128, bit 1 shall be cleared to zero (no active user password) word 128, bit 8 shall be cleared to zero (Master Password Capability is not Maximum) Inputs Word Name Description 00h Feature N/A 01h Count N/A 02h- 04h LBA N/A 05h Command F4h Normal outputs See [Table 62] Error outputs The device shall return command aborted if the not immediately preceeded by a SECURITY ERASE PREPARE command, or if Enhanced mode was requested but the device does not support it, or of an invalid password was specified, or if the data area is not successfully overwritten. The device may return error status if an Interface CRC error has occurred. See [Table 76]. Page 28 of 33 May 24, 2006

30 1.9 SECURITY FREEZE LOCK - F5h, Non-data Feature Set This command is mandatory for devices that implement Security feature set Description The SECURITY FREEZE LOCK command shall set the device to Frozen mode. After command completion any other commands that update the device Lock mode shall be command aborted. Frozen mode shall be disabled by power-off or hardware reset. If SECURITY FREEZE LOCK is issued when the device is in Frozen mode, the command executes and the device shall remain in Frozen mode. See Table 4 for a list of commands disabled by SECURITY FREEZE LOCK. Upon successful completion, these fields of IDENTIFY DEVICE or IDENTIFY PACKET DEVICE shall be updated: word 128, bit 3 shall be set to one (frozen) Inputs Word Name Description 00h Feature N/A 01h Count N/A 02h- 04h LBA N/A 05h Command F5h Normal outputs See [Table 62] Error outputs Abort shall be set to one if the device is in Frozen mode. See [Table 76]. Page 30 of 33 May 24, 2006

31 1.10 SECURITY SET PASSWORD - F1h, PIO data-out Feature Set This command is mandatory for devices that implement the Security feature set Description This command transfers 512 bytes of data from the host. Table 9 defines the content of this information. The command sets only one password at a time Setting the Master Password If a Master password is specified, the device shall save the supplied Master password in a non-volatile location. The Master Password Capability shall remain unchanged. This does not cause any changes to IDENTIFY DEVICE or IDENTIFY PACKET DEVICE words 85 or 128. If the device supports the Master Password Identifier feature and a valid identifier is supplied (see 1.2), the device shall save the identifier in a non-volatile location. This new value shall be returned in word 92 of IDENTIFY DEVICE or IDENTIFY PACKET DEVICE result data. If the host attempts to set the identifier to a invalid value (0000h or FFFFh), the device shall preserve the existing identifier and return command aborted. If the device does not support the Master Password Identifier feature, the device shall not validate the identifier field, and shall not change word 92 of IDENTIFY DEVICE or IDENTIFY PACKET DEVICE. This shall not be cause to return command aborted Setting the User Password If a User password is specified, the device shall save the User password in a non-volatile location and update the Security Level. The Master Password Identifier shall not be changed. These fields of IDENTIFY DEVICE or IDENTIFY PACKET DEVICE shall be updated: word 85, bit 1 word 128, bit 1 word 128, bit 8 shall be set to one (Security enabled) shall be set to one (Security enabled) shall indicate the Security Level Inputs Word Name Description 00h Feature N/A 01h Count N/A 02h- 04h LBA N/A 05h Command F1h Page 31 of 33 May 24, 2006

33 1.11 SECURITY UNLOCK - F2h, PIO data-out Feature Set This command is mandatory for devices that implement the Security feature set Description This command transfers 512 bytes of data from the host. Table 11 defines the content of this information. When Security is Disabled: c. If the Identifier bit is set to Master, then the password supplied shall be compared with the stored Master password. d. If the Identifier bit is set to User, then the device shall return command aborted. When Security is Enabled, and the Master Password Capability is High : c. If the Identifier bit is set to Master, then the password supplied shall be compared with the stored Master password. d. If the Identifier bit is set to User, then the password supplied shall be compared with the stored User password. When Security is Enabled, and the Master Password Capability is Maximum b. If the Identifier bit is set to Master, then the device shall return command aborted. d. If the Identifier bit is set to User, then the password supplied shall be compared with the stored User password. If the password attempt counter has already decremented to zero, then the device shall return command aborted even if a correct password has been supplied. If the password compare fails then the device shall return command aborted to the host and decrements the password attempt counter. When this counter reaches zero, IDENTIFY DEVICE or IDENTIFY PACKET DEVICE word 128 bit 4 shall be set to one, and SECURITY UNLOCK and SECURITY ERASE UNIT commands shall return command aborted until a power-on reset or a hardware reset. SECURITY UNLOCK commands issued when the device is unlocked have no effect on the unlock counter. Upon successful completion, this field of IDENTIFY DEVICE or IDENTIFY PACKET DEVICE shall be updated: word 128, bit 2 shall be set to cleared to zero (not locked) Page 33 of 33 May 24, 2006

Kingston Technology SSDNow V+E (Full Disk Encryption) Flash Storage Drive This product description of the SSDNow Solid State flash drive is provided by Kingston, and is applicable for all Kingston's V+E

July 2013 Product Specification Industrial 1.8 micro SATA II SLC SSD -HERMES-ER Series- Doc-No: 100-XP8SR-JESL-01V0 This document is for information use only and is subject to change without prior notice.

TS32G~128GPSD330 2.5 Solid State Disk Description Transcend PSD is a series of 2.5 PATA SSD with high performance and advanced flash control techniques. Due to smaller size (fit the standard dimensions

3.3.5 Document Number: 325993-026US Intel technologies features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending

3.3.6 Document Number: 325993-027US Intel technologies features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending

RoHS Compliant SATA High Capacity Flash Drive Series Datasheet for SAFD 25NH-M February 9 th, 2015 Revision 1.4 This Specification Describes the Features and Capabilities of the Standard and Industrial

Working Draft Project American National Standard T13/1699-D Revision 3f December 11, 2006 Information technology - AT Attachment 8 - ATA/ATAPI Command Set (ATA8-ACS) This is a draft proposed American National

Wintec Solid State Drive INFORMATION IN THIS DOCUMENT IS PROVIDED IN RELATION TO WINTEC INDUSTRIES PRODUCTS, AND IS SUBJECT TO CHANGE WITHOUT NOTICE. NOTHING IN THIS DOCUMENT SHALL BE CONSTRUED AS GRANTING

SCSI Model Flash Drive --- SCS-xxxxBA Series --- Command Specification 2002-04-10 1/9 SCSI Commands 1. CDB Command from the initiator to the drives in this series is performed by a CDB (Command Descriptor

Enterprise SSD 2.5 Solid-State Drive IT3RSK41MT3XX-xxxx The OCZ 2.5 Intrepid 3000 Series of Solid State Drives are designed specifically to address Enterprise storage and computing applications where demanding

Saber 1000 Series Enterprise SSD 2.5 Solid-State Drive SB1CSK31MT5XX-xxxx The OCZ 2.5 of Solid State Drives are designed specifically to address Enterprise storage and computing applications where demanding

Enterprise SSD 2.5 Solid-State Drive IT3RSK41ET3XX-xxxx The OCZ 2.5 Intrepid 3000 Series of Solid State Drives are designed specifically to address Enterprise storage and computing applications where demanding

User Guide May 2015 Tool Version 3.3.0 Order Number: 325912-002US INFORMATION IN THIS DOCUMENT IS PROVIDED IN CONNECTION WITH INTEL PRODUCTS. NO LICENSE, EXPRESS OR IMPLIED, BY ESTOPPEL OR OTHERWISE, TO

Objectives IDE/ATA Interface In this part, you will -Learn about each of the ATA standards -Identify the ATA connector and cable -Learn how to set jumpers for master, slave and cable select configurations

Guide Business Desktops Document Part Number: 361206-002 September 2004 This guide provides instructions on how to use Computer Setup. This tool is used to reconfigure and modify computer default settings

Phoenix SecureCore TM Setup Utility Important information: We continually strive to bring you the latest and proven features and technologies. As part of our drive to continually improve our products modifications

Pervasive PSQL Product Activation Introduction Licensing for Pervasive PSQL is enforced by the use of keys. Keys are associated with individual computers and can be activated and deactivated. Product activation